build(deps): bump buildbot from 2.0.1 to 2.3.1 in /tools/continuous_integration/buildbot

[dependabot]

Bumps buildbot from 2.0.1 to 2.3.1.

Release notes

Sourced from buildbot's releases.

v2.3.1

Bug fixes

• Fix vulnerability in OAuth where user-submitted authorization token was used for authentication (https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication). Thanks to Phillip Kuhrt for reporting it.

v2.3.0

Highlights

• Support for older browsers has been hopefully temporarily broken due to frontend changes in progress. Notably, Internet Explorer 11 is not supported in this release. Currently supported browsers are Chrome 56, Firefox 52, Edge 13 and Safari 10, newer versions of these browsers and their compatible derivatives. This set of browsers covers 98% of users of buildbot.net.

Bug fixes

• Fixed :bb:step:Git to clean the repository after the checkout when submodules are enabled. Previously this action could lead to untracked module directories after changing branches.
• Latent workers with negative build_wait_timeout will be shutdown on master shutdown.
• Latent worker will now wait until start_instance() before starting stop_instance() or vice-versa. Master will wait for these functions to finish during shutdown.
• Latent worker will now correctly handle synchronous exception from the backend worker driver.
• Fixed a potential error during database migration when upgrading to versions >=2.0 (:issue:4711).

Deprecations and Removals

• The implementation language of the Buildbot web frontend has been changed from CoffeeScript to JavaScript. The documentation has not been updated yet, as we plan to transition to TypeScript. In the transitory period support for some browsers, notably IE 11 has been dropped. We hope to bring support for older browsers back once the transitory period is over.
• The support for building Buildbot using npm as package manager has been removed. Please use yarn as a replacement that is used by Buildbot developers.

v2.2.0

Bug fixes

• Fix passing the verify and debug parameters for the HttpStatusPush reporter
• The builder page UI now correctly shows the list of owners for each build.
• Fixed bug with tilde in git repo url on Python 3.7 (:issue:4639).
• Fix secret leak when non-interpolated secret was passed to a step (:issue:4007)

Features

• Added new :bb:step:GitCommit step to perform git commit operation
• Added new :bb:step:GitTag step to perform git tag operation
• HgPoller now supports bookmarks in addition to branches.
• Buildbot can now monitor multiple branches in a Mercurial repository.
• :py:class:~buildbot.www.oauth2.OAuth2Auth have been adapted to support ref:Secret.
• Buildbot can now get secrets from the unix password store by zx2c4 (https://www.passwordstore.org/).
• Added a basename property to the Github pull request webhook handler.
• The GitHub change hook secret can now be rendered.
• Each build now gets a preparation step which counts the time spend starting latent worker.

... (truncated)

Commits

• 602fcbc Merge pull request #4788 from p12tic/2.3.x-release
• d80c10c docs: Update spelling word list
• 3731e89 relnotes: Add relnote for v2.3.1
• 8909266 relnotes: Add relnote for v1.8.2
• f56a16b relnotes: Add relnote for v1.8.1
• e418e84 Merge pull request #4785 from p12tic/2.3.x-no-token
• 51339c9 Revert "master: Accept GitHub access_token directly from user"
• 22e9a0a Merge pull request #4755 from p12tic/release
• 3eb3a5a Improve release notes
• dc5e3a8 relnotes for 2.3.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.